Microsoft this week announced boosted customer security with a new feature in Office 2013: the ability to block risky macros.
The new functionality is Microsoft’s response to the growing trend of macro-abusing malware assaulting users worldwide and is meant to render corporate networks safer from such threats. Enterprise administrators can now block Office 2013 users from running macros in documents that originated from the Internet.
Earlier this year, the Redmond-based tech giant introduced the functionality in Office 2016 to prevent malicious macros from compromising computers in specific scenarios, and now it made it available for more of its customers.
The same as in Office 2016, enterprise admins can enable the option for Word, Excel, and PowerPoint. Control over this feature is available via the respective application’s Group Policy Administrative Templates for Office 2013.
The functionality is meant to work in Office 2013 exactly the same as in Office 2016, Microsoft says. Thus, organizations have the option to selectively scope macro use to a set of trusted workflows, while also being able to block users from enabling macros in scenarios that are considered high risk. Courtesy of a different and stricter notification, users will be able to more easily distinguish between high-risk situations and normal workflow.
The feature is meant to address the issue of risky macros in documents downloaded from websites or cloud storage services such as OneDrive, Google Drive, and Dropbox. Macros in documents received as attachments in emails from outside sources, as well as those opened from file-sharing services are also targeted.
Macros have recently reemerged as a popular malware distribution method after being nearly extinct for almost a decade, when Microsoft decided to turn them off by default in Office. Now, cybercriminals use various social engineering tactics to trick users into enabling macros in malicious documents.
Researchers observed threat groups abusing macros to deliver malware, but this delivery method is mostly used to infect computers with ransomware or banking Trojans. Recently, researchers discovered that attackers create macro-enabled documents and then rename them by changing their extension, so that detection systems wouldn’t block their delivery.
Related: Microsoft Blocks Risky Macros in Office 2016
Related: Attackers Disguise Macro Malware by Renaming Files

More from Ionut Arghire
- Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Adobe Inviting Researchers to Private Bug Bounty Program
- Critical Vulnerabilities Found in Faronics Education Software
- Chrome 114 Released With 18 Security Fixes
- Spyware Found in Google Play Apps With Over 420 Million Downloads
- Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability
- PyPI Enforcing 2FA for All Project Maintainers to Boost Security
Latest News
- Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Amazon Settles Ring Customer Spying Complaint
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Adobe Inviting Researchers to Private Bug Bounty Program
